ignition: propogate HTTP proxy variables from host to remote

Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
2025-06-23 02:18:13 +08:00 · 2022-01-05 17:40:45 +05:30
parent 87cd4b698c
commit 5c363ff276
1 changed files with 29 additions and 0 deletions
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@ -340,6 +340,24 @@ machine_enabled=true
 		},
 	})

+	setProxyOpts := getProxyVariables()
+	if setProxyOpts != "" {
+		files = append(files, File{
+			Node: Node{
+				Group: getNodeGrp("root"),
+				Path:  "/etc/profile.d/proxy-opts.sh",
+				User:  getNodeUsr("root"),
+			},
+			FileEmbedded1: FileEmbedded1{
+				Append: nil,
+				Contents: Resource{
+					Source: encodeDataURLPtr(setProxyOpts),
+				},
+				Mode: intToPtr(0644),
+			},
+		})
+	}
+
 	setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
 `

@ -411,6 +429,17 @@ func getCerts(certsDir string) []File {
 	return files
 }

+func getProxyVariables() string {
+	proxyOpts := ""
+	proxyVariables := []string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY", "http_proxy", "https_proxy", "no_proxy"}
+	for _, variable := range proxyVariables {
+		if value, ok := os.LookupEnv(variable); ok {
+			proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value)
+		}
+	}
+	return proxyOpts
+}
+
 func getLinks(usrName string) []Link {
 	return []Link{{
 		Node: Node{